File tree Expand file tree Collapse file tree 4 files changed +30
-2
lines changed Expand file tree Collapse file tree 4 files changed +30
-2
lines changed Original file line number Diff line number Diff line change @@ -15,6 +15,7 @@ public enum AuthenticationMode
1515 ActiveDirectory ,
1616 ActiveDirectorySingleUser ,
1717 ThirdPartyProvider ,
18+ Impersonate ,
1819 NotDefined
1920 } ;
2021
@@ -36,7 +37,8 @@ public static NetworkCredential NetworkCredential()
3637
3738 public static AuthenticationMode GetAuthenticationMode ( )
3839 {
39- if ( Int32 . TryParse ( ConfigurationManager . AppSettings [ "API_AUTH_MODE" ] , out int mode ) )
40+ int mode = 0 ;
41+ if ( Int32 . TryParse ( ConfigurationManager . AppSettings [ "API_AUTH_MODE" ] , out mode ) )
4042 {
4143 switch ( mode )
4244 {
@@ -46,6 +48,8 @@ public static AuthenticationMode GetAuthenticationMode()
4648 return AuthenticationMode . ActiveDirectorySingleUser ;
4749 case 3 :
4850 return AuthenticationMode . ThirdPartyProvider ;
51+ case 4 :
52+ return AuthenticationMode . Impersonate ;
4953 default :
5054 return AuthenticationMode . NotDefined ;
5155 }
Original file line number Diff line number Diff line change @@ -20,6 +20,7 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
2020 break ;
2121 case ServiceConfig . AuthenticationMode . ActiveDirectorySingleUser :
2222 case ServiceConfig . AuthenticationMode . ThirdPartyProvider :
23+ case ServiceConfig . AuthenticationMode . Impersonate :
2324 identity = ServiceConfig . ParseUserCredential ( ) ;
2425 break ;
2526 }
Original file line number Diff line number Diff line change 11using System ;
22using System . Web ;
3+ using System . Configuration ;
4+ using System . Net . Mail ;
5+ using System . Security . Principal ;
6+ using System . Security . Claims ;
37
48namespace AxaptaApiApp . Utils
59{
@@ -46,6 +50,23 @@ public static class ClientFactory
4650 HttpContext . Current . User . Identity . AuthenticationType ,
4751 HttpContext . Current . User . Identity . Name ) ;
4852 }
53+ else if ( ServiceConfig . GetAuthenticationMode ( ) == ServiceConfig . AuthenticationMode . Impersonate )
54+ {
55+ string domain = HttpContext . Current . User . Identity . AuthenticationType ;
56+ string username = "" ;
57+ ClaimsPrincipal claimsPrincipal = HttpContext . Current . User as ClaimsPrincipal ;
58+ string email = claimsPrincipal . FindFirst ( ClaimTypes . Upn ) != null ? claimsPrincipal . FindFirst ( ClaimTypes . Upn ) . Value : claimsPrincipal . FindFirst ( ClaimTypes . Email ) . Value ;
59+
60+ //aad is Azure Active Directory - if aad is used then use the internal network domain name from the app settings
61+ //Other possible values are Google, Facebook, Twitter - for those we will pass direct to AX as a claims user
62+ if ( String . Equals ( domain , "aad" ) )
63+ {
64+ domain = ConfigurationManager . AppSettings [ "API_AUTH_USER_DOMAIN" ] ;
65+ MailAddress addr = new MailAddress ( email ) ; //takes [email protected] 66+ username = addr . User ; //returns username
67+ }
68+ context . LogonAsUser = String . Format ( "{0}\\ {1}" , domain , username ) ;
69+ }
4970
5071 return context ;
5172 }
Original file line number Diff line number Diff line change 77
88 Mode 1: Multi-User (Active Directory)
99 Mode 2: Single-User (Active Directory)
10- Mode 3: Third-Party Provider
10+ Mode 3: Third-Party Provider - Impersonates but takes the authenticate type and name
11+ Mode 4: Impersonate - uses the API_AUTH_USER_DOMAIN and the username from the email to resolve a string like domain\username
12+ - this is used usually when you are syncing your onpremise AD to Azure AD
1113 -->
1214 <add key =" API_AUTH_MODE" value =" 2"
1315 <add key =" API_AUTH_USER_DOMAIN" value =" "
You can’t perform that action at this time.
0 commit comments